Objective
This article explains how to generate, list, and delete OLI API keys programmatically using the OLI backend APIs. It covers key limits (maximum 5 active keys per user, 1-year maximum validity), authentication requirements, endpoint details, and provides Python code examples for each operation. By following this guide, developers and system administrators will be able to manage API keys securely and stay within system constraints.
OLI API Key Basics and Constrains
API keys are long-lived credentials that allow programmatic access to OLI APIs. They are tied to a user account and should be treated as sensitive secrets.
OLI API keys can be used with all OLI APIs, including OLI EngineAPI, OLI ProcessAPI, OLI ScaleChem API, OLI Corrosion API, and OLI ChemBuilder API. The access to each of these APIs is linked to the license associated with your OLI user account.
Limits
-
Maximum active keys per user: Each user can have at most 5 active API keys.
- When the 5-key limit is reached, further create attempts fail.
- To create a new key once limit is reached, the user must delete one of the existing keys.
-
Maximum validity period: Each key's validity cannot exceed 1 year from its creation time.
- Requests that specify an expiry beyond 1 year maybe rejected.
- Keys do not auto-renew; once expired, they must be rotated.
- The expiration date of the API key, specified as an epoch timestamp in milliseconds.
Authentication
All API key management endpoints require an authenticated user access bearer token:
Authorization: Bearer <user_access_token>
Content-Type: application/json
The access token here is not the API key being managed, but the standard user auth token obtained via your normal login / auth flow. For more details, please visit: link
Endpoints Overview
The following endpoints are used for API key management:
-
Generate a key:
POST <https://api.olisystems.com/user/api-key> -
List keys:
GET <https://api.olisystems.com/user/api-key> -
Delete a key:
DELETE <https://api.olisystems.com/user/api-key/{apiKeyId}>
The exact response schemas are defined in the OLI developer documentation; typical responses include the key ID, name, creation time, expiry, and other metadata. The plaintext API key itself is usually returned only at creation time.
Generating an API Key
Request
Endpoint
POST https://api.olisystems.com/user/api-keyBody (JSON)
{
"name": "OLI Key 2026",
"expiry": 1798761599000
}
-
expiry(number): Expiry time as a Unix timestamp in milliseconds. This value must not be more than 1 year from the current time.
If:
- the user already has 5 active keys, or
-
expiryexceeds 1 year
the API returns a 4xx error indicating the constraint violation.
Python Example – Create API Key
import requests
import json
url = "https://api.olisystems.com/user/api-key"
payload = json.dumps({
"name": "OLI Key 2026",
"expiry": 1798761599000 # example timestamp in ms; must be ≤ 1 year from now
})
headers = {
"Authorization": "Bearer eyJhbGciO...", # replace with a real user access token
"Content-Type": "application/json"
}
response = requests.post(url, headers=headers, data=payload)
print(response.status_code)
print(response.text)
# Parse JSON response
responseJson = response.json()
# Extract API key and its ID from the response
api_key = responseJson["data"]["apiKey"]
api_key_id = responseJson["data"]["apiKeyId"]
print("API Key:", api_key)
print("API Key ID:", api_key_id)
Tips
- The
api_keycannot be retrieved again. - Store
api_key_idseparately for later deletion.api_keycannot be retrieved usingapi_key_id.
Listing API Keys
Request
Endpoint
GET https://api.olisystems.com/user/api-key
The response returns metadata for all API keys belonging to the authenticated user (such as ID, name, creation time, expiry, last used time). The actual plaintext key values are not returned.
Python Example – List API Keys
import requests
url = "https://api.olisystems.com/user/api-key"
headers = {
"Authorization": "Bearer eyJhbGciOiJSUzI1NiIsInR5c...", # replace with a real user access token
"Content-Type": "application/json"
}
response = requests.get(url, headers=headers)
print(response.status_code)
print(response.text)
responseJson = response.json()
# Example: assume a top-level "data" field containing a list of keys
keys = responseJson.get("data", [])
for k in keys:
print("Key ID:", k.get("apiKeyId"))
print("Name:", k.get("name"))
print("Created At:", k.get("createdAt"))
print("Expiry:", k.get("expiry"))
print("Last Used At:", k.get("lastUsedAt"))
print("---")Tips
- Use this endpoint to:
- See how many keys are active (enforcing the 5-key limit).
- Identify old or unused keys via
lastUsedAt.
Deleting an API Key
Request
Endpoint
DELETE https://api.olisystems.com/user/api-key/{apiKeyId}Path parameter
-
apiKeyId– the ID of the key to delete (as returned by the create or list APIs).
Result
- On success, the API confirms deletion (typically via a simple JSON object indicating success).
- If the key does not exist or does not belong to the authenticated user, a 4xx error is returned.
Python Example – Delete API Key
import requests
api_key_id = "fa3193d5-ffe1-45c3-b29f......" # replace with actual api key ID
url = f"https://api.olisystems.com/user/api-key/{api_key_id}"
headers = {
"Authorization": "Bearer eyJhbGciO...", # replace with a real user access token
"Content-Type": "application/json"
}
response = requests.delete(url, headers=headers)
print(response.status_code)
print(response.text)
Tips
- In rotation flows:
- Create a new key.
- Deploy and validate usage of the new key.
- Delete the old key.
This guide provides a reference with examples for managing API keys programmatically, including endpoint details, constraints, and code samples. You can also generate keys using the UI at link. For more information, refer to API Keys | OLI API.